package com.framework.simplemvc.config;


import org.springframework.core.annotation.Order;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.InitBinder;

/**
 * Spring 框架JNDI注入漏洞安全风险通告
 * @author lihanbo
 * @version 1.0
 * @date 2022/3/30 14:20
 */
@ControllerAdvice
@Order(10000)
public class GlobalControllerAdvice {
    @InitBinder
    public void setAllowedFields(WebDataBinder dataBinder) {
        String[] abd = new String[]{"class.*", "Class.*", "*.class.*", "*.Class.*"};
        dataBinder.setDisallowedFields(abd);
    }
}
